Page 4 of 5 FirstFirst ... 2345 LastLast
Results 31 to 40 of 43
  1. #31
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Default

    Quote Originally Posted by PathfinderNetworks View Post
    I just was burned by this as well. Couple sites, including my own, have a block of WAN IP addresses with multiple services running behind Untangle utilizing those IP addresses configured as alias addresses. For years the port forwarding rule for 443 worked on the alias address regardless of the management port being on 443 on the LAN address for Untangle. Now, with 16.0.1 you've broken that. As others have said, the management ports for Untangle should NOT EVER interfere with the WAN alias addresses. This absolutely must be resolved.
    I suggest you open a support ticket and also add a feature request to [Suggest Idea].
    If you think I got Grumpy

  2. #32
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,301

    Default

    Quote Originally Posted by Jim.Alles View Post
    I suggest you open a support ticket and also add a feature request to [Suggest Idea].
    Alias having admin GUI was a requested feature so we are unlikely revert the change.
    Jim.Alles likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #33
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,487

    Default

    Quote Originally Posted by jcoffin View Post
    Alias having admin GUI was a requested feature so we are unlikely revert the change.
    Having the admin GUI on alias addresses was a requested feature?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #34
    Newbie
    Join Date
    Nov 2018
    Posts
    4

    Default

    Quote Originally Posted by jcoffin View Post
    Alias having admin GUI was a requested feature so we are unlikely revert the change.
    Say what? That's insane. I truly cannot fathom a wide-spread enough use case for that to be considered a feature.
    Last edited by PathfinderNetworks; 11-05-2020 at 04:49 PM.

  5. #35
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,400

    Default

    Especially when there are requests with hundreds of votes and no response other than the default "under consideration".
    https://untanglengfirewall.featureupvote.com/

  6. #36
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,487

    Default

    And the effect of admin on any alias can be had with a port forward rule...

    I guess now the inverse is true, move your service port then make a port forward rule for TCP 443 traffic on whatever IP you want admin to work on to 192.0.2.200 but... come on.

    You make the weirdos do the weird configuration, not make everyone else jump through hoops because you want to steal a common service port. This is something you fix with a tech talk, or a white paper, not a fundamental feature shift.
    Last edited by sky-knight; 11-05-2020 at 06:05 PM.
    JasonJoel likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #37
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,323

    Default

    Quote Originally Posted by jcoffin View Post
    Alias having admin GUI was a requested feature so we are unlikely revert the change.
    just because people request something stupid doesn't mean you have to do it
    JasonJoel likes this.

  8. #38
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,323

    Default

    Quote Originally Posted by sky-knight View Post
    You make the weirdos do the weird configuration, not make everyone else jump through hoops because you want to steal a common service port. This is something you fix with a tech talk, or a white paper, not a fundamental feature shift.
    100% agreed... suddenly changing a well understood feature that's worked the same way for a decade or longer just because somebody asked for something weird is just strange.
    This all tells me that whoever decided on this feature change either really didn't stop and think it through, or genuinely doesn't understand how this sort of thing should work
    JasonJoel likes this.

  9. #39
    Master Untangler
    Join Date
    Dec 2018
    Posts
    190

    Default

    I'm sooooo glad I stumbled onto this thread.
    Last edited by jlficken; 11-06-2020 at 02:57 PM.

  10. #40
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,807

    Default

    I've been thinking about this more, and I've come to believe what should really be happening here is that, yes, the admin UI really should respond on any alias... at least by default.

    However, the way it's implemented should be different. I want to think of the change conceptually as an invisible port forward rule for each interface (that we can enable/disable with a checkbox, possibly in the per-interface configuration rather than all at once). These rules should logically come after all our other port forward rules. This way we'll see Untangle if we don't have any other 443 forwards defined on the interface. But if we do have a conflicting port forward rule it will take precedence and we see the thing we asked for.

    In other words, the problem we have right now is it's as if the Untangle port forward rules come first in the list. It's not that we don't want those rules; it's that we want to come after the ones we define ourselves.

    There might also need to be some additional protection, to make sure the admin UI remains available somewhere and help keep a clueless administrator from accidentally doing something silly and locking himself out.
    Last edited by jcoehoorn; 11-12-2020 at 01:09 PM.
    Jim.Alles likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty

Page 4 of 5 FirstFirst ... 2345 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2